syzbot

 sign-in | mailing list | source | docs
🐞 Open [1496]
Subsystems
🐞 Fixed [6528]
🐞 Invalid [16626]
Missing Backports [205]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
Total Repo Heatmap Subsystems Heatmap
💬 Send us feedback

BUG: corrupted list in __netif_napi_del_locked

Status: closed as invalid on 2025/07/02 15:51
Subsystems: net
[Documentation on labels]
First crash: 105d, last: 100d

Sample crash report:
 slab kmalloc-cg-4k start ffff88805161c000 pointer offset 368 size 4096
list_del corruption. next->prev should be ffffe8ffffc60220, but was ffff8880234fe178. (next=ffff88805161c170)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:67!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 1 UID: 0 PID: 3460 Comm: kworker/u8:8 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: netns cleanup_net
RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 lib/list_debug.c:65
Code: 5c 60 43 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 ed 30 63 fd 49 8b 56 08 48 c7 c7 c0 de c1 8b 48 89 de 4c 89 f1 e8 07 d7 68 fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000c52f840 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffffe8ffffc60220 RCX: 835768ac81143e00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffc9000c52f527 R09: 1ffff920018a5ea4
R10: dffffc0000000000 R11: fffff520018a5ea5 R12: 1ffff1100a2c382f
R13: dffffc0000000000 R14: ffff88805161c170 R15: ffff88805161c178
FS:  0000000000000000(0000) GS:ffff8881261c7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fee60fb6038 CR3: 0000000046c50000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del_rcu include/linux/rculist.h:168 [inline]
 __netif_napi_del_locked+0x1ed/0x3c0 net/core/dev.c:7298
 __netif_napi_del include/linux/netdevice.h:2876 [inline]
 gro_cells_destroy+0x16a/0x430 net/core/gro_cells.c:117
 ip_tunnel_dev_free+0x19/0x30 net/ipv4/ip_tunnel.c:1102
 netdev_run_todo+0xcd7/0xea0 net/core/dev.c:11300
 cleanup_net+0x6a8/0xbd0 net/core/net_namespace.c:650
 process_one_work kernel/workqueue.c:3238 [inline]
 process_scheduled_works+0xade/0x17a0 kernel/workqueue.c:3319
 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3400
 kthread+0x711/0x8a0 kernel/kthread.c:464
 ret_from_fork+0x4e/0x80 arch/x86/kernel/process.c:153
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0x18a/0x190 lib/list_debug.c:65
Code: 5c 60 43 fd 43 80 3c 2c 00 74 08 4c 89 ff e8 ed 30 63 fd 49 8b 56 08 48 c7 c7 c0 de c1 8b 48 89 de 4c 89 f1 e8 07 d7 68 fc 90 <0f> 0b cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 0018:ffffc9000c52f840 EFLAGS: 00010246
RAX: 000000000000006d RBX: ffffe8ffffc60220 RCX: 835768ac81143e00
RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffc9000c52f527 R09: 1ffff920018a5ea4
R10: dffffc0000000000 R11: fffff520018a5ea5 R12: 1ffff1100a2c382f
R13: dffffc0000000000 R14: ffff88805161c170 R15: ffff88805161c178
FS:  0000000000000000(0000) GS:ffff8881261c7000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000056537867c000 CR3: 000000006634e000 CR4: 0000000000350ef0

Crashes (2):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2025/05/16 04:20 upstream fee3e843b309 cfde8269 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in __netif_napi_del_locked
2025/05/11 17:19 upstream 3ce9925823c7 77908e5f .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root BUG: corrupted list in __netif_napi_del_locked
* Struck through repros no longer work on HEAD.